ansible-hardening : V-38660 - The snmpd service must only use SNMPv3 or newer Bad Grep
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Fix Released
|
Low
|
Major Hayden |
Bug Description
If I run the ansible-hardening using the following var:
stig_version: rhel6
I get an error with the following task:
TASK [ansible-hardening : V-38660 - The snmpd service must only use SNMPv3 or newer]
I looked to see what it is checking in the code and it is running the following grep:
egrep 'v1|v2c|
When I run this manually all I get are commented out sections of code;
# egrep 'v1|v2c|
#rocommunity public7969d localhost
rocommunity public7969d default -V systemonly
#rocommunity secret 10.0.0.0/16
# It's no longer typically necessary to use the full 'com2sec/
# r[ow]user and r[ow]community, together with suitable views, should cover most requirements
It appears the regex in the grep is attempting to get rid of comments but it includes them.
The following removes comments correctly. the additional \ in the current grep might have been added to try to escape something unnecessarily
egrep 'v1|v2c|
NOTE: This was run on ubuntu 14.04 LTS
Changed in openstack-ansible: | |
assignee: | nobody → Major Hayden (rackerhacker) |
status: | New → Confirmed |
importance: | Undecided → Low |
An updated version of the role should have fixed this issue, could you confirm?